From: Jamie Lokier <jamie@shareable.org>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
linuxppc-dev@lists.linuxppc.org,
Anton Blanchard <anton@au.ibm.com>,
linuxppc64-dev@lists.linuxppc.org
Cc: linux-kernel@vger.kernel.org
Subject: A question about PROT_NONE on PPC and PPC64
Date: Wed, 30 Jun 2004 04:18:22 +0100 [thread overview]
Message-ID: <20040630031821.GB25149@mail.shareable.org> (raw)
Hi folks,
I'm doing a survey of the different architectural implementations of
PROT_* flags for mmap() and mprotect(). I'm looking at linux-2.6.5.
The PPC and PPC64 implementations are very similar to plain x86:
read implies exec, exec implies read and write implies read.
(Aside: Is the patch for making exec permission separate on its way
into the tree?)
I see a potential bug with PROT_NONE. I'm not sure if it's real, so
could you please confirm?
PPC32
=====
In include/asm-ppc/pgtable.h, there's:
#define PAGE_NONE __pgprot(_PAGE_BASE)
#define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER)
It appears the only difference betwen PROT_READ and PROT_NONE is
whether _PAGE_USER is set.
Thus PROT_NONE pages aren't readable from userspace, but it appears
they _are_ readable from kernel space. Is this correct?
This means that calling write() with a PROT_NONE region would succeed,
instead of returning EFAULT as it should, wouldn't it?
If so, this is a bug. A minor bug, perhaps, but nonetheless I wish to
document it.
I don't know if you would be able to rearrange the pte bits so that a
PROT_NONE page is not accessible to the kernel either. E.g. on i386
this is done by making PROT_NONE not set the hardware's present bit
but a different bit, and "pte_present()" tests both of those bits to
test the virtual present bit.
PPC64
=====
In include/asm-ppc64/pgtable.h, there's:
#define _PAGE_BASE (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_COHERENT)
#define PAGE_NONE __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED)
#define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER)
This looks very similar to PPC32: the main difference between
PROT_NONE and PROT_READ appears to be the _PAGE_USER flag.
So does this mean that PROT_NONE pages, although they aren't readable
from userspace, are readable from kernel space? I.e. that write()
with a PROT_NONE region would succeed, instead of returning EFAULT as
it should?
I don't know whether the _PAGE_COHERENT flag is significant here.
Perhaps you use it in some clever way in the TLB handler to prevent
these pages from being present in the TLB?
Thanks,
-- Jamie
next reply other threads:[~2004-06-30 3:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-30 3:18 Jamie Lokier [this message]
2004-06-30 4:47 ` A question about PROT_NONE on PPC and PPC64 Paul Mackerras
[not found] ` <20040705072731.GB19707@iram.es>
[not found] ` <20040705142046.GB3411@mail.shareable.org>
[not found] ` <20040705155908.GA23163@iram.es>
2004-07-05 19:11 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040630031821.GB25149@mail.shareable.org \
--to=jamie@shareable.org \
--cc=anton@au.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.linuxppc.org \
--cc=linuxppc64-dev@lists.linuxppc.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.